diff --git a/systemd/README.md b/systemd/README.md
new file mode 100644
index 00000000..98cea72d
--- /dev/null
+++ b/systemd/README.md
@@ -0,0 +1,16 @@
+Stubby integration with systemd
+===============================
+
+For GNU/Linux operating systems which use systemd as a process
+manager, you might want to run stubby as a system service.
+
+This directory provides recommended systemd unit files.
+
+This setup assumes that there is a system-level user named "stubby"
+which is in group "stubby", and try to limit the privileges of the
+running daemon to that user as closely as possible.
+
+Normally, a downstream distributor will install them as:
+
+ /usr/lib/tmpfiles.d/stubby.conf
+ /lib/systemd/system/stubby.service
diff --git a/systemd/stubby.conf b/systemd/stubby.conf
new file mode 100644
index 00000000..bf704927
--- /dev/null
+++ b/systemd/stubby.conf
@@ -0,0 +1,2 @@
+# tmpfiles.d (5) for use with stubby.service
+d /run/stubby 0750 root stubby - -
diff --git a/systemd/stubby.service b/systemd/stubby.service
new file mode 100644
index 00000000..b85b8e90
--- /dev/null
+++ b/systemd/stubby.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=stubby DNS resolver
+
+[Service]
+WorkingDirectory=/run/stubby
+ExecStart=/usr/bin/stubby
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+User=stubby
+
+[Install]
+WantedBy=multi-user.target
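Review bot: The `d /run/stubby 0750 root stubby - -` line in systemd/stubby.conf makes the daemon's working directory root-owned with no write bit for the stubby group, and nothing in the file says that this is intentional. I would record it next to the entry, e.g. `# root-owned, 0750: stubby can chdir into /run/stubby but cannot create or modify files there`, so a later maintainer does not "fix" the ownership. Because /run is recreated at boot, the directory exists only after systemd-tmpfiles has processed this file; the README should tell packagers to run `systemd-tmpfiles --create stubby.conf` at install time, otherwise `WorkingDirectory=/run/stubby` in stubby.service will not exist until the next reboot and the unit will fail to start.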
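Review bot: The `[Service]` section of systemd/stubby.service bounds capabilities and drops to `User=stubby`, but sets none of systemd's sandboxing options, so the process still sees the whole filesystem with that user's rights and could regain privileges through a setuid or file-capability binary. That falls short of the README's stated goal of limiting the daemon's privileges as closely as possible for a service that parses network input. I would add `NoNewPrivileges=true` (ambient capabilities survive it) together with the filesystem and device restrictions below. The exact set needs testing against stubby's real file access, which this hunk does not show; if it writes state such as trust anchors, that path would need an explicit `ReadWritePaths=` entry.

```ini
# … unchanged: WorkingDirectory, ExecStart, AmbientCapabilities, CapabilityBoundingSet …
User=stubby
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
```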